Convert FIDO enum-like classes to actual enums

Author: emlun

webauthn-server-core/src/main/java/com/yubico/fido/metadata/KeyProtectionType.java

@@ -2,143 +2,137 @@
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonValue;
+import java.security.Key;
 import java.util.stream.Stream;
-import lombok.EqualsAndHashCode;
+import lombok.Getter;
 
 /**
- * Enum-like collection of known <code>KEY_PROTECTION</code> values.
+ * The KEY_PROTECTION constants are flags in a bit field represented as a 16 bit long integer. They
+ * describe the method an authenticator uses to protect the private key material for FIDO
+ * registrations. Refer to [UAFAuthnrCommands] for more details on the relevance of keys and key
+ * protection. These constants are reported and queried through the UAF Discovery APIs and used to
+ * form authenticator policies in UAF protocol messages. Each constant has a case-sensitive string
+ * representation (in quotes), which is used in the authoritative metadata for FIDO authenticators.
  *
- * <p>Constants in this class behave like enum constants. Use {@link #of(short)} to parse raw <code>
- * int</code> values.
- *
- * @see #of(short)
+ * @see #fromValue(short)
+ * @see #fromName(String)
  * @see <a
- *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#key-protection-types">FIDO
+ *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
  *     Registry of Predefined Values §3.2 Key Protection Types</a>
  */
-@EqualsAndHashCode
-public class KeyProtectionType {
+@Getter
+public enum KeyProtectionType {
 
   /**
-   * This flag must be set if the authenticator uses software-based key management. Mutually
-   * exclusive with {@link #KEY_PROTECTION_HARDWARE}, {@link #KEY_PROTECTION_TEE}, {@link
-   * #KEY_PROTECTION_SECURE_ELEMENT}.
+   * This flag MUST be set if the authenticator uses software-based key management. Exclusive in
+   * authenticator metadata with {@link #KEY_PROTECTION_HARDWARE}, {@link #KEY_PROTECTION_TEE},
+   * {@link #KEY_PROTECTION_SECURE_ELEMENT}.
    *
    * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
    *
    * @see <a
-   *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#key-protection-types">FIDO
+   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
    *     Registry of Predefined Values §3.2 Key Protection Types</a>
    */
-  public static final KeyProtectionType KEY_PROTECTION_SOFTWARE =
-      new KeyProtectionType((short) 0x0001, "SOFTWARE");
+  KEY_PROTECTION_SOFTWARE((short) 0x0001, "software"),
 
   /**
-   * This flag should be set if the authenticator uses hardware-based key management. Mutually
-   * exclusive with {@link #KEY_PROTECTION_SOFTWARE}.
+   * This flag SHOULD be set if the authenticator uses hardware-based key management. Exclusive in
+   * authenticator metadata with {@link #KEY_PROTECTION_SOFTWARE}.
    *
    * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
    *
    * @see <a
-   *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#key-protection-types">FIDO
+   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
    *     Registry of Predefined Values §3.2 Key Protection Types</a>
    */
-  public static final KeyProtectionType KEY_PROTECTION_HARDWARE =
-      new KeyProtectionType((short) 0x0002, "HARDWARE");
+  KEY_PROTECTION_HARDWARE((short) 0x0002, "hardware"),
 
   /**
-   * This flag should be set if the authenticator uses the Trusted Execution Environment for key
-   * management. In authenticator metadata, this flag should be set in conjunction with {@link
-   * #KEY_PROTECTION_HARDWARE}. Mutually exclusive with {@link #KEY_PROTECTION_SOFTWARE}, {@link
-   * #KEY_PROTECTION_SECURE_ELEMENT}.
+   * This flag SHOULD be set if the authenticator uses the Trusted Execution Environment [TEE] for
+   * key management. In authenticator metadata, this flag should be set in conjunction with {@link
+   * #KEY_PROTECTION_HARDWARE}. Mutually exclusive in authenticator metadata with {@link
+   * #KEY_PROTECTION_SOFTWARE}, {@link #KEY_PROTECTION_SECURE_ELEMENT}.
    *
    * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
    *
    * @see <a
-   *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#key-protection-types">FIDO
+   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
    *     Registry of Predefined Values §3.2 Key Protection Types</a>
    */
-  public static final KeyProtectionType KEY_PROTECTION_TEE =
-      new KeyProtectionType((short) 0x0004, "TEE");
+  KEY_PROTECTION_TEE((short) 0x0004, "tee"),
 
   /**
-   * This flag should be set if the authenticator uses a Secure Element for key management. In
-   * authenticator metadata, this flag should be set in conjunction with {@link
-   * #KEY_PROTECTION_HARDWARE}. Mutually exclusive with {@link #KEY_PROTECTION_TEE}, {@link
-   * #KEY_PROTECTION_SOFTWARE}.
+   * This flag SHOULD be set if the authenticator uses a Secure Element [SecureElement] for key
+   * management. In authenticator metadata, this flag should be set in conjunction with {@link
+   * #KEY_PROTECTION_HARDWARE}. Mutually exclusive in authenticator metadata with {@link
+   * #KEY_PROTECTION_TEE}, {@link #KEY_PROTECTION_SOFTWARE}.
    *
    * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
    *
    * @see <a
-   *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#key-protection-types">FIDO
+   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
    *     Registry of Predefined Values §3.2 Key Protection Types</a>
    */
-  public static final KeyProtectionType KEY_PROTECTION_SECURE_ELEMENT =
-      new KeyProtectionType((short) 0x0008, "SECURE_ELEMENT");
+  KEY_PROTECTION_SECURE_ELEMENT((short) 0x0008, "secure_element"),
 
   /**
-   * This flag must be set if the authenticator does not store (wrapped) UAuth keys at the client,
-   * but relies on a server-provided key handle. This flag must be set in conjunction with one of
+   * This flag MUST be set if the authenticator does not store (wrapped) UAuth keys at the client,
+   * but relies on a server-provided key handle. This flag MUST be set in conjunction with one of
    * the other KEY_PROTECTION flags to indicate how the local key handle wrapping key and operations
-   * are protected. Servers may unset this flag in authenticator policy if they are not prepared to
+   * are protected. Servers MAY unset this flag in authenticator policy if they are not prepared to
    * store and return key handles, for example, if they have a requirement to respond
    * indistinguishably to authentication attempts against userIDs that do and do not exist. Refer to
-   * [UAFProtocol] for more details.
+   * [<a
+   * href="https://fidoalliance.org/specs/fido-uaf-v1.2-rd-20171128/fido-uaf-protocol-v1.2-rd-20171128.html">UAFProtocol</a>]
+   * for more details.
    *
    * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
    *
    * @see <a
-   *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#key-protection-types">FIDO
+   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
    *     Registry of Predefined Values §3.2 Key Protection Types</a>
    * @see <a
    *     href="https://fidoalliance.org/specs/fido-uaf-v1.2-rd-20171128/fido-uaf-protocol-v1.2-rd-20171128.html">FIDO
    *     UAF Protocol Specification [UAFProtocol]</a>
    */
-  public static final KeyProtectionType KEY_PROTECTION_REMOTE_HANDLE =
-      new KeyProtectionType((short) 0x0010, "REMOTE_HANDLE");
+  KEY_PROTECTION_REMOTE_HANDLE((short) 0x0010, "remote_handle");
 
-  @JsonValue public final short value;
+  private final short value;
 
-  @EqualsAndHashCode.Exclude private final transient String name;
+  @JsonValue private final String name;
 
-  private KeyProtectionType(short value, String name) {
+  KeyProtectionType(short value, String name) {
     this.value = value;
     this.name = name;
   }
 
   /**
-   * @return An array containing all predefined values of {@link KeyProtectionType} known by this
-   *     implementation.
+   * @return If <code>value</code> matches any {@link KeyProtectionType} constant, returns that
+   *     constant instance. Otherwise throws {@link IllegalArgumentException}.
    */
-  public static KeyProtectionType[] values() {
-    return new KeyProtectionType[] {
-      KEY_PROTECTION_SOFTWARE,
-      KEY_PROTECTION_HARDWARE,
-      KEY_PROTECTION_TEE,
-      KEY_PROTECTION_SECURE_ELEMENT,
-      KEY_PROTECTION_REMOTE_HANDLE
-    };
+  public static KeyProtectionType fromValue(short value) {
+    return Stream.of(values())
+        .filter(v -> v.value == value)
+        .findAny()
+        .orElseThrow(
+            () ->
+                new IllegalArgumentException(
+                    String.format("Unknown %s value: 0x%04x", KeyProtectionType.class, value)));
   }
 
   /**
-   * @return If <code>value</code> is the same as that of any of the constants in {@link
-   *     KeyProtectionType}, returns that constant instance. Otherwise returns a new instance
-   *     containing <code>value</code>.
+   * @return If <code>name</code> matches any {@link Key} constant, returns that constant instance.
+   *     Otherwise throws {@link IllegalArgumentException}.
    */
   @JsonCreator
-  public static KeyProtectionType of(short value) {
+  public static KeyProtectionType fromName(String name) {
     return Stream.of(values())
-        .filter(v -> v.value == value)
+        .filter(v -> v.name.equals(name))
         .findAny()
-        .orElseGet(() -> new KeyProtectionType(value, null));
-  }
-
-  @Override
-  public String toString() {
-    if (name == null) {
-      return String.format("%s(%04x)", KeyProtectionType.class.getSimpleName(), value);
-    } else {
-      return "KEY_PROTECTION_" + name;
-    }
+        .orElseThrow(
+            () ->
+                new IllegalArgumentException(
+                    String.format("Unknown %s name: %s", KeyProtectionType.class, name)));
   }
 }

webauthn-server-core/src/main/java/com/yubico/fido/metadata/MatcherProtectionType.java

@@ -3,100 +3,99 @@
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonValue;
 import java.util.stream.Stream;
-import lombok.EqualsAndHashCode;
+import lombok.Getter;
 
 /**
- * Enum-like collection of known <code>MATCHER_PROTECTION</code> values.
+ * The MATCHER_PROTECTION constants are flags in a bit field represented as a 16 bit long integer.
+ * They describe the method an authenticator uses to protect the matcher that performs user
+ * verification. These constants are reported and queried through the UAF Discovery APIs and used to
+ * form authenticator policies in UAF protocol messages. Refer to [UAFAuthnrCommands] for more
+ * details on the matcher component. Each constant has a case-sensitive string representation (in
+ * quotes), which is used in the authoritative metadata for FIDO authenticators.
  *
- * <p>Constants in this class behave like enum constants. Use {@link #of(short)} to parse raw <code>
- * int</code> values.
- *
- * @see #of(short)
+ * @see #fromValue(int)
+ * @see #fromName(String)
  * @see <a
- *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#matcher-protection-types">FIDO
+ *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#matcher-protection-types">FIDO
  *     Registry of Predefined Values §3.3 Matcher Protection Types</a>
  */
-@EqualsAndHashCode
-public class MatcherProtectionType {
+@Getter
+public enum MatcherProtectionType {
 
   /**
-   * This flag must be set if the authenticator's matcher is running in software. Mutually exclusive
-   * with {@link #MATCHER_PROTECTION_TEE}, {@link #MATCHER_PROTECTION_ON_CHIP}.
+   * This flag MUST be set if the authenticator's matcher is running in software. Exclusive in
+   * authenticator metadata with {@link #MATCHER_PROTECTION_TEE}, {@link
+   * #MATCHER_PROTECTION_ON_CHIP}.
    *
    * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
    *
    * @see <a
-   *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#matcher-protection-types">FIDO
+   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#matcher-protection-types">FIDO
    *     Registry of Predefined Values §3.3 Matcher Protection Types</a>
    */
-  public static final MatcherProtectionType MATCHER_PROTECTION_SOFTWARE =
-      new MatcherProtectionType((short) 0x0001, "SOFTWARE");
+  MATCHER_PROTECTION_SOFTWARE((short) 0x0001, "software"),
 
   /**
-   * This flag should be set if the authenticator's matcher is running inside the Trusted Execution
-   * Environment. Mutually exclusive with {@link #MATCHER_PROTECTION_SOFTWARE}, {@link
-   * #MATCHER_PROTECTION_ON_CHIP}.
+   * This flag SHOULD be set if the authenticator's matcher is running inside the Trusted Execution
+   * Environment [TEE]. Mutually exclusive in authenticator metadata with {@link
+   * #MATCHER_PROTECTION_SOFTWARE}, {@link #MATCHER_PROTECTION_ON_CHIP}.
    *
    * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
    *
    * @see <a
-   *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#matcher-protection-types">FIDO
+   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#matcher-protection-types">FIDO
    *     Registry of Predefined Values §3.3 Matcher Protection Types</a>
    */
-  public static final MatcherProtectionType MATCHER_PROTECTION_TEE =
-      new MatcherProtectionType((short) 0x0002, "TEE");
+  MATCHER_PROTECTION_TEE((short) 0x0002, "tee"),
 
   /**
-   * This flag should be set if the authenticator's matcher is running on the chip. Mutually
-   * exclusive with {@link #MATCHER_PROTECTION_TEE}, {@link #MATCHER_PROTECTION_SOFTWARE}.
+   * This flag SHOULD be set if the authenticator's matcher is running on the chip. Mutually
+   * exclusive in authenticator metadata with {@link #MATCHER_PROTECTION_TEE}, {@link
+   * #MATCHER_PROTECTION_SOFTWARE}
    *
    * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
    *
    * @see <a
-   *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#matcher-protection-types">FIDO
+   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#matcher-protection-types">FIDO
    *     Registry of Predefined Values §3.3 Matcher Protection Types</a>
    */
-  public static final MatcherProtectionType MATCHER_PROTECTION_ON_CHIP =
-      new MatcherProtectionType((short) 0x0004, "ON_CHIP");
+  MATCHER_PROTECTION_ON_CHIP((short) 0x0004, "on_chip");
 
-  @JsonValue public final short value;
+  private final short value;
 
-  @EqualsAndHashCode.Exclude private final transient String name;
+  @JsonValue private final String name;
 
-  private MatcherProtectionType(short value, String name) {
+  MatcherProtectionType(short value, String name) {
     this.value = value;
     this.name = name;
   }
 
   /**
-   * @return An array containing all predefined values of {@link MatcherProtectionType} known by
-   *     this implementation.
+   * @return If <code>value</code> matches any {@link MatcherProtectionType} constant, returns that
+   *     constant instance. Otherwise throws {@link IllegalArgumentException}.
    */
-  public static MatcherProtectionType[] values() {
-    return new MatcherProtectionType[] {
-      MATCHER_PROTECTION_SOFTWARE, MATCHER_PROTECTION_TEE, MATCHER_PROTECTION_ON_CHIP
-    };
+  public static MatcherProtectionType fromValue(int value) {
+    return Stream.of(values())
+        .filter(v -> v.value == value)
+        .findAny()
+        .orElseThrow(
+            () ->
+                new IllegalArgumentException(
+                    String.format("Unknown %s value: 0x%04x", MatcherProtectionType.class, value)));
   }
 
   /**
-   * @return If <code>value</code> is the same as that of any of the constants in {@link
-   *     MatcherProtectionType}, returns that constant instance. Otherwise returns a new instance
-   *     containing <code>value</code>.
+   * @return If <code>name</code> matches any {@link MatcherProtectionType} constant, returns that
+   *     constant instance. Otherwise throws {@link IllegalArgumentException}.
    */
   @JsonCreator
-  public static MatcherProtectionType of(short value) {
+  public static MatcherProtectionType fromName(String name) {
     return Stream.of(values())
-        .filter(v -> v.value == value)
+        .filter(v -> v.name.equals(name))
         .findAny()
-        .orElseGet(() -> new MatcherProtectionType(value, null));
-  }
-
-  @Override
-  public String toString() {
-    if (name == null) {
-      return String.format("%s(%04x)", MatcherProtectionType.class.getSimpleName(), value);
-    } else {
-      return "MATCHER_PROTECTION_" + name;
-    }
+        .orElseThrow(
+            () ->
+                new IllegalArgumentException(
+                    String.format("Unknown %s name: %s", MatcherProtectionType.class, name)));
   }
 }